You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Sandeep More (Jira)" <ji...@apache.org> on 2021/10/11 15:10:00 UTC

[jira] [Created] (KNOX-2679) Trim Pac4j entitlements to avoid cookie too large issue.

Sandeep More created KNOX-2679:
----------------------------------

             Summary: Trim Pac4j entitlements to avoid cookie too large issue.
                 Key: KNOX-2679
                 URL: https://issues.apache.org/jira/browse/KNOX-2679
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
            Reporter: Sandeep More
            Assignee: Sandeep More


Currently with KnoxSSO if the user is part of too many groups SAML assertions that we get back from IdP is huge. This cause hadoop-jwt cookie to not set throwing the SSO in a loop.

Knox does not need groups, groups in knox are figured out based on the hadoop-user-group lookup. We should be able to filter out groups from the SAML assertion.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)